Hello, I downloaded Debian-12-Perfect-Server-Apache.ova from this howto: https://www.howtoforge.com/perfect-...ot-ispconfig-3-2/#-install-pureftpd-and-quota and set up my first domain. Now, where remote IPs should be shown (e.g., in access logs or any script that should show remote IP), I get the HAProxy IP instead, which in my case is 192.168.5.1. I've found a few old posts discussing the use of mod_remoteip with Apache but couldn't find any instructions on how to make it work. Example: /var/www/clients/client1/web1/log/access.log Code: 192.168.5.1 - - [11/Jun/2024:20:17:38 -0700] "GET / HTTP/1.1" 200 26303 "-" "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Mobile Safari/537.36" I would be really thankful for any help. Thank you!
Thanks for taking time to reply! I enabled it with this: Code: root@debian:~# a2enmod remoteip Enabling module remoteip. To activate the new configuration, you need to run: systemctl restart apache2 root@debian:~# systemctl restart apache2 root@debian:~# but I couldn't find any related info what else to do... Can you please advise?
Most likely, this: You'll have to ensure that your HAProxy adds the right header, this is done with this config option: Code: option forwardfor In /etc/apache2/conf-available/remoteip.conf or /etc/apache2/apache2.conf, you add: Code: RemoteIPHeader X-Forwarded-For RemoteIPTrustedProxy 127.0.0.1 ::1 # Replace with the IP address of your HAProxy server Restart Apache and check if it works now. If not, then you'll most likely have to change the LogFormat line in /etc/apache2/sites-available/ispconfig.conf file to: Code: LogFormat "%v %a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined_ispconfig and restart Apache and test it. If it works now, then you'll must make the change update safe by copying the file /usr/local/ispconfig/conf/apache_ispconfig.conf.master to /usr/local/ispconfig/conf-custom/apache_ispconfig.conf.master and change the LogFormat line there too.
Ok, so there's no file in /etc/apache2/conf-available/remoteip.conf. Should I create remoteip.conf ? Or maybe is located somewhere else on Debian 12. I entered: Code: RemoteIPHeader X-Forwarded-For RemoteIPTrustedProxy 192.168.5.1 # IP address of my HAProxy server in /etc/apache2/apache2.conf and got this after restart of apache: Code: root@debian:~# systemctl restart apache2 Job for apache2.service failed because the control process exited with error code. See "systemctl status apache2.service" and "journalctl -xeu apache2.service" for details. root@debian:~# systemctl status apache2.service × apache2.service - The Apache HTTP Server Loaded: loaded (/lib/systemd/system/apache2.service; enabled; preset: enabled) Active: failed (Result: exit-code) since Wed 2024-06-12 11:03:25 PDT; 17s ago Duration: 10min 59.966s Docs: https://httpd.apache.org/docs/2.4/ Process: 234383 ExecStart=/usr/sbin/apachectl start (code=exited, status=1/FAILURE) CPU: 49ms Jun 12 11:03:25 debian.example.com systemd[1]: Starting apache2.service - The Apache HTTP Server... Jun 12 11:03:25 debian.example.com apachectl[234387]: AH00548: NameVirtualHost has no effect and will be removed i> Jun 12 11:03:25 debian.example.com apachectl[234387]: AH00526: Syntax error on line 229 of /etc/apache2/apache2.co> Jun 12 11:03:25 debian.example.com apachectl[234387]: RemoteIP: Error parsing IP # (Name or service not known erro> Jun 12 11:03:25 debian.example.com apachectl[234383]: Action 'start' failed. Jun 12 11:03:25 debian.example.com apachectl[234383]: The Apache error log may have more information. Jun 12 11:03:25 debian.example.com systemd[1]: apache2.service: Control process exited, code=exited, status=1/FAIL> Jun 12 11:03:25 debian.example.com systemd[1]: apache2.service: Failed with result 'exit-code'. Jun 12 11:03:25 debian.example.com systemd[1]: Failed to start apache2.service - The Apache HTTP Server. lines 1-17/17 (END) Line 229 has my HAProxy server IP
Wow, didn't know that "#" has impact where it's placed. Now apache restarts! Unfortunately, even after replacing: Code: LogFormat "%v %a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined_ispconfig in /etc/apache2/apache2.conf the log still shows 192.168.5.1 and not remote IPs. Any other suggestion?
Which exact log file do you check? The log format is for the ISPConfig apache log of the sites, not the global Apache logs.
I'm checking /var/www/clients/client1/web1/log/access.log which is ISPConfig apache log of the site, correct?
Yes, restarted Apache with systemctl restart apache2 and rebooted server couple of times just in case.
I do not use HAproxy, so I can't give you more info about that. Maybe someone else here uses it and can help you out.
Thanks for your help! Hopefully someone will chime in. Hard to believe I'm the only only one using it with HAProxy
i've not used HAProxy for a long time now.. but unless they've changed it, just setting 'option forwardfor' is all you need there. i've seen various articles saying it should be set in the frontend, others saying in the backend, and one even saying it can be set in any of frontend, defaults, listen or backend section. i think, from memory (which isn't great), that i used to set it in the backend section. so play around with where it's configured, or even add it to all sections.. and see if it works then. if there's any other device between haproxy and the backend server that might alter headers than that could be removing it. otherwise, in apache, is mod_remoteip actually installed/active? in the log format, mod_remoteip fills in %a and removes it from %{X-Forwarded-For}i so you could try using %{X-Forwarded-For}i instead, see if that works without mod_remoteip
